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CLAIMS: 



1. A method for secure content distribution among devices (101-105) in a 
network (110), the method comprising the steps of: 

registering, by means of a central device (101) administrating the network, a 
device (102-105) entering the network (1 10) and issuing at least one certificate to the 
entering device (102-105); and 

distributing content among devices (101-105) in the network (110) based on 
authentication by means of the at least one certificate issued to each device (102-105), 
wherein the distribution of content from a first device (101-105) to a second device (101-105) 
is enabled by the first device authenticating the second device by means of the at least one 
certificate of the second device and the second device authenticating the first device by 
means of the at least one certificate of the first device. 

2. The method according to claim 1, wherein the at least one certificate 
comprises: 

a first certificate comprising a public key generated by the central device (101) 
and a signature created with a device private key; and 

a second certificate comprising a public key of the entering device (102-105) 
and a signature created with a private key generated by the central device (101), said private 
key generated by the central device (101) corresponding to said public key generated by the 
central device (101). 

3. The method according to claim 1 , wherein the step of registering a device 
(102-105) entering the network (110) comprises: 

verifying a third certificate with a device public key stored in each device 
(101-105), the third certificate being factory installed and signed with a certificate authority 
private key, wherein verification is performed by means of a factory installed corresponding 
certificate authority public key; and 

authenticating, by means of said device public key, a device (101-105) storing 
a device private key, said device private key corresponding to said device public key. 
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4. The method according to claim 2, wherein the step of distributing content 

among devices (101-105) in the network (110) comprises: 

sending the second certificate of the first device (101-105) from the first 
5 device to the second device (101-105) and the second certificate of the second device from 
the second device to the first device; 

verifying, using the public key generated by the central device (101), the 
second certificate of the second device (101-105) at the first device (101-105) and the second 
certificate of the first device at the second device; 
10 sending the first certificate of the first device from the first device (101-105) to 

the second device (101-105) and the first certificate of the second device from the second 
device to the first device; 

verifying, using the device public key, the first certificate of the second device 
(101-105) at the first device (101-105) and the first certificate of the first device at the second 
15 device; 

sending a third certificate of the central device (101), the third certificate being 
factory installed and signed with a certificate authority private key, from the first device to 
the second device (101-105) and sending the third certificate of the central device (101) of 
the second device to the first device; 
20 verifying, using the certificate authority public key, the third certificate at the 

second device (101-105) and at the first device (101-105). 

5, The method according to any of the preceding claims, wherein the central 

device (101) further performs the steps of: 
25 registering entities contained in the network (1 10); 

storing lists of the entities contained in the network (1 10); and 
issuing a list of deregistered devices in the network (1 10) to all non- 

deregistered devices in said network (1 10). 

30 6. The method according to any of the preceding claims, wherein the network is 

an authorized domain. 

7. The method according to any one of claims 1-5, wherein the network is a 

home network. 
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8. A system (100) for secure content distribution among devices (101-105) in a 
network (110), the system (100) comprising: 

a central device (101), which device (101) administrates the network (110), 
5 arranged to register a device (102-105) entering the network (1 10) and arranged to issue at 
least one certificate to the entering device (102-105); and 

at least one certificate, wherein distribution of content among devices (101- 
105) in the network (110) is based on authentication by means of the at least one certificate 
issued to each device (102-105), the distribution of content from a first device (101-105) to a 
10 second device (101-105) being enabled by the first device authenticating the second device 
by means of the at least one certificate of the second device and the second device 
authenticating the first device by means of the at least one certificate of the first device. 

9. The system according to claim 8, wherein the at least one certificate 
15 comprises: 

a first certificate comprising a public key generated by the central device (101) 
and a signature created with a device private key; and 

a second certificate comprising a public key of the entering device (102-105) 
and a signature created with a private key generated by the central device (101), said private 
20 key generated by the central device (101) corresponding to said public key generated by the 
central device (101). 

10. The system according to claim 8, wherein 

the central device (101) is arranged to verify a certificate with a device public 
25 key stored in each device (101-105), the certificate being factory installed and signed with a 
certificate authority private key, wherein verification is performed by means of a factory 
installed corresponding certificate authority public key; and 

the central device (101) is arranged to authenticate, by means of said device 
public key, a device (101-105) storing a device private key, said device private key 
30 corresponding to said device public key, when the central device (101) authenticates a device 
(102-105) entering the network (110). 

1 1 . The system according to claim 9, further comprising: 
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means arranged to send the second certificate of the first device (101-105) 
from the first device to the second device (101-105) and the second certificate of the second 
device from the second device to the first device; 

means arranged to verify, using the public key generated by the central device 
(101), the second certificate of the second device (101-105) at the first device (101-105) and 
the second certificate of the first device at the second device; 

means arranged to send the first certificate of the first device from the first 
device (101-105) to the second device (101-105) and the first certificate of the second device 
from the second device to the first device; 

means arranged to verify, using the device public key, the first certificate of 
the second device (101-105) at the first device (101-105) and the first certificate of the first 
device at the second device; 

means arranged to send a third certificate of the central device (101), the third 
certificate being factory installed and signed with a certificate authority private key, from the 
first device to the second device (101-105) and the third certificate of the central device (101) 
of the second device to the first device; 

means arranged to verify, using the certificate authority public key, the third 
certificate at the second device (101-105) and at the first device (101-105), 

12. The system according to any one of claims 8-11, wherein the central device 
(101) further is arranged to: 

register entities contained in the network (110); 
store lists of the entities contained in the network (110); and 
issue a list of deregistered devices in the network (1 10) to all non-deregistered 
devices in said network (1 10). 

13. The system according to any one of the claims 8-12, wherein the network is an 
authorized domain. 

14. The system according to any one of claims 8-12, wherein the network is a 
home network. 



15. A central device (1 0 1) for administrating a network (1 1 0), the central device 

(101) comprising: 
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means arranged to register a device (102-105) entering the network (1 10); and 
means arranged to issue at least one certificate to the entering device (102- 

105). 



5 16. The central device (101) according to claim 15, further comprising: 

means arranged to register entities contained in the network (110); 
means arranged to store lists of the entities contained in the network (110); and 
means arranged to issue a list of deregistered devices in the network (1 10) to 
all non-deregistered devices in said network (110). 

10 

17. The central device according to any one of the claims 15 or 16, wherein the 

central device is administrating an authorized domain. 



18. The central device according to any one of the claims 15 or 16, wherein the 

1 5 central device is administrating a home network. 



